Police enquiries mention more and more often sentences uttered
by the accused as regards the possibility of encoding their letters,
and these reflections are considered as an explicit suggestion of
their will to carry out illegal acts. With the same frequency, police
files contain passages of tapped e-mail messages

From the NSA case
through the several inquiries
A/I had to face, it is a well-known fact that our lives and communications are
monitored.
We are striding towards mass control, when privacy will collapse
for the sake of law and order, among suspicion paradigms and the
fake terror issue.

In a situation where control is always forced onto us
as the solution to all evils, we'd like to cast some light
into the dangers implied by e-mail communication and into
the countermeasures you can use

A non encrypted e-mail message sent through the Internet
is like a post card without an envelope: postpeople, doorkeepers,
neighbours and anybody else who can put their hands on it will easily
read the message you've written

We'll never get tired of repeating that using cryptography
does not only protect yours, but also your addresse's privacy.

Journalists, lawyers, physicians, accountants: there are many
occupations which bind by contract, by ethics or by law to keep
professional secrecy. More and more people use the Internet
for work reasons, and those who must protect their clients' secrets
are obliged to encrypt their e-mail if they don't want their
commercial proposals, law files and case histories to get lost
in the Web red tape.

If they don't encode their documents, they will be neglecting
the necessary measures aimed at keeping professional secrecy
and they will be risking significant legal and financial consequences.

You don't encrypt your mail because you have nothing to hide?
Very well, but how come do you close the curtains at home then?

You certainly wouldn't like some stranger sitting at the desktop
of your Internet provider to grin while reading, for leisure,
the messages you're sending to your best friend. If you have never
encrypted your e-mail, it is likely that some stranger may have read
what you've written...

Your e-mail is exposed to several risks:
when you send a message, your mail client contacts a server through a
so called SMTP protocol and transmits your message to this server.
This transmission takes generally place in plain-text (without any
encoding). The SMTP server contacts in its turn the destination server,
and this transmission will be carried out in plain-text again.

What's more, every time you send an e-mail message the service
provider's computers will record a copy of your letter. Let's see how it works:

So just to travel through some neighbourhoods your mail
has been recorded at least thrice in 2 different hard disks (2 ISP
mail servers) and every time in a perfect copy. And behind these
hard disks hide commercial firms, curious IT technicians, all sorts
of officials and many more... Besides, these three copies are the
best hypothesis: if you give a look at the headers of your incoming
mail (every client has an option to do this), you'll se that the
steps are many more, as many as the copies of your messages

Theoretically, these multiple copies of your mail should be erased
within few hours by each ISP. But the new laws which are being passed
worldwide against "cybercrime" provide for the retention of all
copies for several months, at least as regards the parts signalling
the sender's and the addressee's data.

When you download and read your e-mail, you generally use one of these methods:

by webmail, with a simple browser.

with a mail client, by using POP3 or IMAP protocols.

In both cases the bulk of your mail always travels in plain-text, unless you take some
particular countermeasures: without them your password and your messages are totally readable when
they pass from your provider's box to your computer.

As regards the first problem, you can use encoded communication
channels to send your messages to your servers (by using SMTP with SSL support
and POP3 or IMAP with SSL).

As for the second problem, it can be solved by using a program
for e-mail content encryption. But be careful: you should absolutely
use an open-source program, otherwise you can't be sure that
it does what it claims. Encryption programs can actually suffer several attacks:
someone could want to create a backdoor allowing them to read an encoded e-mail
message anyway. If the program you're using is not open-source, that is if
the source code is not available and cannnot be examined, then a programmer
resolved to grant everybody the possibility of protecting their privacy will
not be able to assess the possible presence of backdoors.

If you know how to manage a normal mail program (writing e-mail messages,
inserting attachments, etc.), then you should not have problems in managing
encryption programs.

GPG, the open-source program we (and many others) advise you, is actually
rather simple to be used, also because it can be installed through an ad-hoc
plugin on several e-mail clients. In particular, we recommend coupling
Thunderbird (mail client) with Enigmail (encryption plugin), which are
both available for every operating system.

At any rate, the degree of safety you'll get closely depends on the
level of protection you can assure to your private key, that is the
file containing the cryptographic mechanisms trigger. If you lose your
private key, security will only be delusive. If you want to know
what a private key is, read on.

There are two different categories of encryption methods: symmetric and
asymmetric.

A symmetric encryption method can, for instance, establish a correspondence
between letters and respective numbers:

A ---> 1

B ---> 2

C ---> 3

and so on.

The drawback of these system is that as soon as you discover how a
message has been encoded, there will be no problems in deccoding it.

An asymmetric system is much more sophisticated. Encoding and decoding
take place through two different mechanisms: their difference is such,
that the encryption mechanism can be made public.

Here's an example to better understand how this system works.
A secret agent going abroad must periodically report with her bosses.
How can she send her reports? Easy: before leaving, the agent gets from her
boss 100 open locks; when she needs to send a message, she puts it in a
solid box, closes the box with one of the locks and sends it by mail.
Once it has been closed, the box can only be opened by the agent's superiors,
who has stayed at home with the necessary key. What are the fundamental aspects
of this system?

When the agent closes the box, nobody can open it without the respective key,
not even the agent herself.

If the agent gets caught, the police cannot decode anything, because they can
only put their hands on the locks.

There's no need for the agent to hide her locks, since they can only close
boxes, but they can't possibly open them.

This example is about a secret agent, but encryption is recommendable
regardless of your having something to hide. It is crucial to demystify
the equation encoding = having illegal things to hide. And if you think
about it, this is an equation you deny every day, when you draw your curtains,
indeed, or when you avoid curious glances at your monitor while you're
writing an e-mail.

Encoding just means avoiding that someone (from your provider's
employees to the marketing firms monitoring words used in e-mail messages
in order to adjust their company's production) reads what you write, your
private affairs.

Moving to the digital realm, we call public key the encryption code (the lock),
and private key the decryption code (the key).

If you use an asymmetric encryption code, you'll have two keys, of course:
a private key you have to protect very carefully and keep absolutely safe,
and a public key, which can be made available to anybody, on a
suited website, for instance.

PGP (Pretty Good Privacy) is a software allowing for totally reserved
communication even between persons who have never seen each other and
who live thousands of kilometres apart. This is possible thanks to public
key cryptography.

Unfortunately the latest PGP versions cannot be considered safe,
in that users cannot check the program code.

This is one of the reasons why GPG (Gnu Privacy Guard) was created: GPG is
a software very similar to PGP which is released under a Gnu license, so that its
code can be verified.

First of all, you should create a public-private key pair through
your encryption software, then you should give your public keys to
the people you want to communicate with. You should never give your private
key to anybody else.

When you write an e-mail message, you should encrypt it with your
addressee's public key.

The encryption process inserts a sort of electronic “lock”
in your message. Even if your e-mail was tapped while going through
the Web, its content could not be accessed because the key would be lacking.

When your message gets to its destination, your addressee will enter a passphrase
(made of more than one word). The encryption software will then use your addressee's
private key to ascertain that the correspondent public key has been used.

Then the software will use the private key to unlock the message encryption and
allow mail reading.

It will now be clear that it is fundamental to spread
your public key as much as possible in order to use asymmetric encryption:
if nobody has your public key, nobody will be able to send you encoded messages.

One of the servers you can use to publish your public key is:
http://pgpkeys.mit.edu/

Cryptography does have a problem, though: since you have to publish
your public key on a server in order to make it available, the mere fact
that your address can be connected to a name challenges the concept of privacy.
That's why a series of tools known as anonymouse remailer has been created: in fact
these tools can totally hide the sender's name.

A good reference on the subject is
Andre' Bacard's FAQ. Generally
speaking, anonymous remailers are servers functioning as mediators
between senders and addressees at the mail delivery stage: thus
the real sender is replaced by the mediator. By passing through a
chain of several mediators, you get a decent security degree and it
can be argued that your mail has been sent anonymously.

For a clever use of this tool, you should pass through many anonymous
remailers. If you want to get a good security degree, you need to encode
your message first and then to send it through a chain of remailers.
Remailers can be used through several clients.

SSL or TLS protocols support is embedded in almost every mail server and client, by now.
Both protocols add a cryptographic level that prevents your password, for example,
from travelling in plain-text through the Internet. Enabling them in a client
is rather easy, but not all providers support them.

Our
mail howto section offers several manuals explaining how to configure a mail client
so as to use SSL/TLS with A/I, while our
remailer page
offers more information about anonymous remailers.

However, there's a lesson to be learned from the mentioned A/I
case, when the postal police used the excuse of an enquiry on terrorism for
secretly seizing our server content, with the help of the hosting webfarm:
this teaches us once more that it is unsafe to rely on other people for
one's individual privacy, and that privacy in the Internet is not much different from
the privacy we get while walking in the streets of this truly unfree world.